Our CTO is worried about AI slop landing in production.
Every PR is reviewed and tested by a senior engineer before merge. SAST, DAST, and a human architecture sign-off are mandatory gates. We will walk your CTO through the pipeline on call one.
Designed by humans, accelerated by AI agents. Secure client, patient, and B2B portals shipped in 6–8 weeks. HIPAA, SOC2 Type II, and ISO 27001 ready.
Off-the-shelf portals force your team to bend to the tool. Custom portals from a traditional agency take three to six months and cost $200k or more. You wait a quarter, then a quarter again, and the login flow still doesn't do what your CFO asked for.
Meanwhile, AI builders like Bubble or Lovable lock you in, skip compliance, and ship a demo that fails your first security audit.
Senior engineers and Claude Design working together. The AI drafts; the senior ships. You get a custom portal in 6–8 weeks with full source ownership, HIPAA and SOC2 readiness, no vendor lock.
Five specialised agents, one senior reviewer per stage. AI handles the mechanical work. Seniors own every decision that touches compliance, architecture, or security.
Six flavours of custom portal, each with its own compliance, integration, and UX pattern library.
B2C / SaaS
Secure customer-facing portals for SaaS and professional services. Covers document exchange, billing, tickets, and self-service.
Partner / Reseller
Multi-tenant portals for partners, resellers, and account managers. SSO with Okta or Azure AD, granular RBAC, order and quote workflows.
Healthcare / HIPAA
HIPAA-ready patient portals with EHR integrations (Epic, Cerner), telehealth, secure messaging, and prescription management.
Supply Chain
Supplier onboarding, PO management, invoice submission, and SLA dashboards. Ready for SOX and ISO 27001 audits.
Internal / HR
Intranets and HR portals with SSO, leave requests, knowledge bases, and integrations to Workday, BambooHR, and Slack.
AI-Native
Semantic search, chat assistants, and predictive alerts embedded in your client experience. Claude or OpenAI, with a full audit trail.
Four phases, fixed scope, written SOW. Procurement gets a checklist; your CTO gets a shippable architecture on day one.
Weeks 1–2
Problem statement, user personas, information architecture, clickable prototype, and a security and compliance plan mapped to your audit posture.
Weeks 3–4
Design system, 15–30 hi-fi screens (Claude Design plus senior designer), clickable prototype, and a WCAG 2.2 AA accessibility audit.
Weeks 5–7
Production code (React/Next.js plus backend), SSO/SAML, RBAC, API integrations, Playwright e2e tests, and a staging environment.
Week 8
Production deploy, auto-generated plus human-reviewed documentation, a recorded knowledge transfer, and 30 days of post-launch support.
Every engagement starts with a Discovery sprint. A written scope, compliance posture, and price range delivered within two business days.
Five layers where AI pulls its weight. Beside it: the four things we refuse to automate. Together they explain why portals built on this stack pass CTO review.
UI and component generation. Design-system-aware. Every screen is reviewed by the design director against brand and WCAG 2.2 AA before sign-off.
Code-scaffolding agents for React, Next.js, Node, and Go. Vendor-agnostic: Claude is primary, but any frontier LLM can slot in.
Custom rule sets for security, accessibility, and architecture drift. Flags go to a senior engineer; the agent never merges on its own.
AI generates end-to-end tests, fuzz inputs, and accessibility sweeps. A QA lead signs off the test plan before pen-testing begins.
Architecture decision records, API docs, and onboarding runbooks. Drafted by agents, reviewed by the tech lead, owned by you.
Four decisions we keep human, with no exceptions and no overrides.
Data model, tenancy, and auth topology. A human owns every load-bearing choice.
HIPAA, SOC2, and ISO reviews are run by named humans and a third-party audit firm.
Roadmap calls, trade-offs, and difficult conversations with your CTO happen human-to-human.
Book a 30-min discovery call and we walk you through every layer live: design, engineering, QA, and compliance. We share real architecture diagrams and audit letters from shipped portals. No slides, no sales pitch. Just the stack, explained by the engineers who built it.
Every line of code and every pixel of UI passes through a senior specialist review before merge. AI accelerates; it does not replace expertise. In portal work, one bug in an RBAC rule or an auth flow costs more in reputation than a two-week delay.
Code scaffolds, design drafts, tests, and documentation, generated in minutes, not days.
Every PR reviewed, refactored, and tested before merge. Architecture, security, and final design are owned by named humans.
Our architecture is vendor-agnostic. Claude is primary for design and code, but we can swap to any frontier LLM (OpenAI, Google Gemini, open-weights) without touching your portal runtime. You own the prompts and the pipeline.
Every AI-generated line passes SAST (Semgrep, SonarQube), DAST (OWASP ZAP), a manual senior review, and (for compliance-heavy portals) an external pen-test before launch. Security is a gate, not a lane.
Transparent pricing: 30–40% less than a ScienceSoft-tier engagement, not 90%. The savings come from mechanical work; expertise is still the value. Our SOW itemises where AI runs and where seniors do.
Our portfolio includes a HIPAA-compliant patient portal shipped in seven weeks and a B2B vendor portal in six. Book a discovery call and we'll share the architecture and the audit letters under NDA.
Yes. A Traditional Mode is available: the same senior team, no AI agents in the loop. Cost is +25%, timeline is ×1.5. Same compliance posture, same code ownership, same humans, just a slower path.
Named. Versioned. Documented. Your engineering team can own this day one.
We use the same stack the industry converged on (React, TypeScript, Tailwind) because it has the widest hiring pool, the deepest tooling, and years of production stability behind it. Your engineering team inherits code they already know, can extend without us, and can hire for on day one.
Want the Full Stack Decision Log?
We document every technology choice and the reasoning behind it. Ask us on the discovery call.
Not a stock partner badge wall. Actual integrations we've wired, debugged, and handed off with documentation.
Need a custom integration?
We've shipped 40+ production integrations. If yours isn't on the list, we scope and wire it during discovery — documented and handed off.
Six compliance postures we build and audit against. Bring your auditor: we've done this before.
PHI Protection
BAA-compatible architecture, PHI handling, encryption at rest (AES-256) and in transit (TLS 1.3), audit logs retained per your policy.
Security Audit
Controls for security, availability, confidentiality, processing integrity, and privacy. We provide control narratives and evidence packs for your Type II window.
Info Security
Information Security Management System with documented policies, risk register, access reviews, and a mapped Statement of Applicability.
Data Privacy
Data minimisation, lawful-basis tracking, right-to-erasure and data-portability flows. DPIAs written in plain English.
When Applicable
Tokenised payment flows via Stripe or Adyen. We aim for SAQ-A scope so your portal never touches raw card data.
Audit & Control
Audit logs for every AI-generated change, model cards for each deployed AI feature, opt-out for customer-data training, and prompt-injection guardrails.
The three real options for a custom portal in 2026. Built from our own client engagements and published pricing.
| Parameter | AI Builder (Bubble, Lovable) | Vezert AI-Native | Traditional Agency |
|---|---|---|---|
| Time to MVP | 1–2 weeks (templated) | 6–8 weeks | 3–6 months |
| Custom design | | Claude Design + Senior | Manual, any scope |
| HIPAA / SOC2 / ISO 27001 | Full if scoped | ||
| Custom backend logic | Platform-limited | ||
| Full code ownership | |||
| Price range | $5k–$30k | $40k–$200k | $80k–$500k+ |
| Self-hostable | | | |
Benchmarks from published pricing and our own client engagements. Builder tier reflects enterprise plans of the named platforms.
Four phases, eight weeks, one shared project board. AI compresses the mechanical work; seniors own every decision that touches compliance or architecture.
Paid discovery ($5k / 2 weeks). Problem statement, personas, information architecture, a security and compliance plan, and a signed SOW. Mix: 30% AI, 70% human.
Claude Design ships 10–15 screens a day; the design director enforces brand and accessibility. End of week four: a clickable prototype and a passed WCAG 2.2 AA audit. Mix: 55% AI, 45% human.
Frontend, backend, auth, integrations, automated tests, staging. Code agents scaffold; senior engineers review every PR and own architecture. Mix: 60% AI, 40% human.
Production deploy, pen-test sign-off, knowledge transfer, documentation, 30 days of post-launch support. Mix: 50% AI (test suites, doc generation), 50% human (go-live, sign-off).
Two weeks, $5k, fixed scope. Signed SOW and a locked price before a single line of code is written.
Every portal engagement starts with a paid $5k discovery (2 weeks) that locks the scope, the compliance posture, and the price. Build projects start at $9,000 for a client portal and reach $90,000 for a fully-compliant HIPAA + SOC2 patient portal with all AI features. AI handles the mechanical work so seniors focus on security, architecture, and final review. Traditional Mode (no AI agents) is available at +25%.
Pick a portal type, set the shape of your use case, and see a transparent price and timeline range. The number matches what lands in your SOW within two business days of a discovery call.
Estimate is a transparent range, not a quote. Final SOW lands within two business days of a discovery call and matches this range or comes in below.
Four stacked layers. The fourth (the AI layer) is optional. The first three are always yours, always self-hostable, always documented.
Server-rendered React and Next.js, styled with Tailwind against a shared design system. Accessible by default, lazy-loaded below the fold.
REST and GraphQL APIs behind a gateway. Auth, RBAC, and audit logging live at this layer, not in the UI.
PostgreSQL with row-level security as the primary store. Redis for hot paths, S3 or GCS for objects, append-only audit logs for compliance.
Claude or OpenAI wired through a RAG pipeline with retrieval guardrails and PII redaction. Every prompt and response is logged for audit.


Book a 30-minute discovery call and we'll come back with a written scope, price, and timeline within two business days. No email gate, no drip sequence.
Practical guides on portal architecture, scalability, and enterprise web development.
The questions we hear most on the first call. If yours isn't here, drop it in the discovery form below. We reply in one business day.